.TH GROINC 1 "2007-11-02" "version 0.0.10" "Groinc"
.SH NAME
groinc \- The simple network sniffer
.SH SYNOPSIS
.TP
.B groinc
.RB [ \-option ]
.RB [ \-DSG 
.IR "ip addr" ]
.RB [ \-dsg
.IR "port number" ]
.RB [ \-F 
.IR regex ]
.RB [ \-p
.IR "protocol name" ]
.RB [ \-l
.IR number ]
.RB [ \-t 
.IR time (seconds)]
.SH DESCRIPTION
Groinc is a simple text-mode sniffer. You can use complexe filters for 
datalink,network and transport layer protocols and data. 
.PP
There is a regex filter for layers over the transport layer. You can
save or load your captures in a file. You have the choice between a lot 
of type of display (from simple to very detailed). A lot of protocols 
are available.
.SH EXAMPLES
.TP 
To sniff all the network trafic on this machine and use the simple display : \c
.B groinc
.TP 
To sniff trafic from or to the server pointed by "domain.tld" and use the simple display without resolv the machines addresses : \c
.B groinc -G domain.tld -j
.TP 
To sniff TCP trafic on port 80 and display protocols headers: \c
.B groinc -v -p tcp -g 80
.TP
To sniff ARP trafic, stopping after 20 packets received, using hexadecimal display: \c
.B groinc -H -p arp -l 20
.TP
To sniff UDP trafic which have a destination IP in the subnetwork 192.168.0.0 whick have for network mask 255.255.0.0 and source port 53, saving capture in the file file.cap: \c
.BI "groinc -q -w file.cap -p udp -D 192.168/16 -s 53" " or " "groinc -q -w file.cap -p udp -D 192.168.0.0:255.255.0.0 -s 53"
.TP
To sniff all the trafic during 20 seconds and display headers and data: \c
.B groinc -v -a -t 20
.SH FILTER OPTIONS
.TP
.BI "-m	--sourcemac " "MAC address" \c
\& The MAC adress of the source
.TP
.BI "-M	--destmac " "MAC address" \c
\& The MAC adress of the destination
.TP
.BI "-s 	--sourceport " "port number" \c
\& The source port number to be scan
.TP
.BI "-d 	--destport " "port number" \c
\& The destination port number to be scan
.TP
.BI "-g	--globalport " "port" \c
\& The source or destination port to be scan
.TP
.BI "-S 	--sourceip " "IP address[:netmask]" " | " "domain name" " | " "IP address/netmask(CIDR)" \c
\& The source IP adress to be scan
.TP
.BI "-D 	--destip " "IP address[:netmask]" " | " "domain name" " | " "IP address/netmask(CIDR)" \c
\& The destination IP adress to be scan
.TP
.BI "-G 	--globalip " "IP address[:netmask]" " | " "domain name" " | " "IP address/netmask(CIDR)" \c
\& The source or destination IP to be scan
.TP
.BI "-p 	--protocol " "name" \c
\& Specify the protocol
.TP
.BI "-f 	--filter " "string" \c
\& Enable (application layer) filter with a string
.TP
.BI "-F	--filter-regex " "regular expression" \c
\& Enable (application layer) filter with a regular expression (POSIX)
.TP
.BI "-t 	--timelimit " "number"\c
\& Give a limit of time to sniff (seconds)
.TP
.BI "-l	--limitnb " "number" \c
\& Give the number of packets to display before stop the sniffing
.SH DISPLAY OPTIONS
.TP
.B -a	--displaydata \c
\& Display the received (application layer) data
.TP
.B -A 	--simpledisplay \c
\& Enable the simple display
.TP
.B -b 	--displayprototransport \c
\& Display the name/size of the transport layer protocol
.TP
.B -B 	--displayprotonetwork \c
\& Display the name/size of the network layer protocol
.TP
.B -c 	--displayprotodatalink \c
\& Display the name/size of the datalink layer protocol
.TP
.B -H	--hexa \c
\& Display data in hexadecimal
.TP
.B -n 	--displaypackets \c
\& Display the length of the received packets
.TP
.B -N 	--displayallpackets \c
\& Display the length of all the not filtred received packets
.TP
.B -q 	--quiet \c
\& Do not display packets
.TP
.B -v 	--verbose \c
\& Verbose mode, display the headers of the scanned packets
.TP
.B -z	--dontdisplayemptysp \c
\& Dont display the empty application layer packets
.SH OTHER OPTIONS
.TP
.B -j 	--noresolv \c
\& Do not try to resolv machines addresses when using simple-display (makes the display runs faster)
.TP
.BI "-r	--read " "file" \c
\& Load data from a saved file
.TP
.BI "-w	--write " "file" \c
\& Save the data in an outputfile
.TP
.BI "-o 	--outputdata " "file" \c
\& The output file name (for the data)
.TP
.BI "-O 	--output " "file"\c
\& The output file name (for the headers)
.TP
.B -h 	--help \c
\& Display the help
.TP
.B --version \c
\& Display the version of the software
.TP
.B --license \c
\& Display the copyright informations
.SH AUTHOR
.RB "The " "groinc" " software and this manual page was written by Luc Sarzyniec <olbat@xiato.com>"
.SH BUGS
.RI "You can report bugs to <groinc-bugs@nongnu.org> or visit " "http://groinc.nongnu.org/"
.SH COPYRIGHT
Copyright (C) 2006-2008 Luc Sarzyniec
